MPs have called on social networking firms to make it clearer to users how their data is being collected and used, and what action they can take if they disagree.
The committee highlighted terms for Facebook Messenger's mobile app, that grant permission for the social networking firm to gain direct access to mobile devices.
This means Facebook could use the devices’ cameras to take pictures or record videos, at any time without explicit confirmation from the user, reports the Telegraph.
The report said there is a problem with apps which request information that they do not obviously need.
The committee said the contents of terms and conditions have been designed to protect organisations in the event of legal action, and are too difficult for any “reasonable person” to make sense of.
“As a mechanism for showing that users have provided informed consent, so that organisations can process incredibly personal data, terms and conditions contracts are simply not fit for purpose,” the report said.
READ MORE ABOUT DATA PROTECTION
- EU companies unaware of proposed data protection law
- Is mobile device data protection overlooked?
- Data protection, privacy and the IT department
- EU data protection reform threatens NHS record-sharing plans
- A closer look at mobile device data protection
- Is meeting PCI DSS standards enough to protect customer data?
The chairman of the committee, Andrew Miller MP, also highlighted the psychological experiment in which Facebook manipulated users' emotions by varying the stories they saw in their newsfeeds.
This "highlighted serious concerns about the extent to which ticking the 'terms and conditions' box can be said to constitute informed consent when it comes to the varied ways data is now being used by many websites and apps,” he said.
However, the MPs said they were pleased to find a willingness among those in the industry to develop good practice.
“We are keen to see the government become more actively involved in developing global standards and possibly kitemark that would mark out service providers that meet those global standards in the care and handling of personal data,” they said.
Technology outstrips law
The MPs also expressed concerns that current legislation is no longer sufficient, now that data moves more easily across digital platforms and technologies can be used to analyse multiple datasets in real time.
“While legislators have reflected on how regulation should be updated, governing bodies are floundering when it comes to the details of legislation,” the report said.
The report notes that the draft EU General Data Protection Regulation has attracted criticism from industry, and progress on agreeing a final commitment has not been forthcoming.
The MPs said personal data should not be undervalued and the government has a clear responsibility to explain to the public how personal data is being used to make improvements to products and facilities.
“The government needs to lead the conversation around security of personal data so that, in future years, members of the public can engage with online services with the confidence that their personal data is secure,” the report said.